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DETAILED ACTION 

Claim Rejections - 35 USC §103 

1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

2. Claims 1-6, 14-19, 26-31 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bernstein(5884,316) in view of Mallory(6 126328). 

3. As per claims 1, 14, 26, Bernstein et al discloses establishing a session on behalf of a 
user(see col. 4, lines 33-40, 59-67); receiving a request to enable database privileges for the 
user(see col. 5, lines 50-55, col. 6, lines 24-36); upon receipt to the request to enable database 
privileges(see col. 6, lines 24-36) verifying trusted security logic has been previously executed, 
wherein the act of verifying the trusted security logic includes verifying a proxy user(see col. 4, 
lines 24-53, col. 6, lines 37-50); and enabling database privileges for the user if the trusted 
security logic has been executed(see col. 2, lines 50-67, col. 5, lines 50-55, col. 6, lines 24-36). 

4. Bernstein is silent on verifying trusted logic by checking a call stack. Mallory discloses 
verifying trusted logic by checking a call stack(see col. 18, lines 36-63). It would have been 
obvious to one of ordinary skill in the art at the time of the invention to include checking the call 
stack of Mallory with Bernstein, the motivation is that checking the call stack is a way to 
evaluate whether a valid pointer to a context structure is found execution proceeds(see col. 18, 
lines 48-63). 

5. As per claims 2, 15, 27, Bernstein discloses storing call information in one or more 
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frames of a call stack(see fig. 3 sheet 4); and wherein the act of verifying includes determining 
whether the one or more frames of the call stack corresponds to the trusted security logic(see col. 
4, lines 40-50). 

6. As per claims 3, 16, 28, Bernstein discloses wherein the act of verifying the trusted 
security logic comprises verifying an application name(see col. 5, lines 1-26). 

7. As per claims 4, 17, 29, Bernstein discloses wherein the act of verifying the trusted 
security logic further includes verifying a security function name(see col. 6, lines 24-36). 

8. As per claims 5,18, 30, Bernstein discloses wherein the act of verifying trusted security 
logic comprises verifying a module name(see col. 6, lines 24-36). 

9. As per claims 6, 19,31, Bernstein discloses collecting one or more session parameters; 
comparing the one or more session parameters against a set of trusted security parameters 
defined in a security function; and returning a result indicating whether the one or more session 
parameters matches the set of trusted security parameters(see col. 6, lines 36-50, 62-67). 

10. Claims 8, 21, 32, are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bernstein(5,884,316) in view of Mallory(6 126328) further in view of Fisher(6092189). 

11. As per claims 8,21,32, Bernstein nor Mallory disclose receiving information identifying 
the user; prompting the user for a password; authenticating the user based on information stored 
in an application program; and associating the user with a role. As per claims 8, 21, 32, Fisher 
discloses receiving information identifying the user; prompting the user for a password(see col. 
15, lines 42-44); authenticating the user based on information stored in an application program; 
and associating the user with a role(see col. 15, lines 45-51, col. 31, lines 30-34). It would have 
been obvious to one of ordinary skill in the art at the time of the invention to include receiving 
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information identifying the user, prompting the user for a password, authenticating the user 
based on information stored in an application program; and associating the user with a role of 
Fisher with Bernstein, because database security is maintained through the control of access to 
the database tables by the DBMS. Data that is considered privileged can be protected from 
access by those persons or programs that should not see it(see col. 39, lines 54-67 of Fisher). 
12. Claims 9-12 are allowable for the limitations enable database privileges for the user if the 
trusted security logic is contained in the one or more frames of the call stack. 



Response to Amendment 

1 3 . The Applicant states that Bernstein does not disclose verifying trusted security logic by 
checking a call stack is not disclosed in Bernstein, and new art has been applied to amended 
feature Mallory(6 126,328). Mallory discloses a procedure ExamineContext(i.e. security logic) is 
called by execution to host control code to obtain information pertaining to the execution of a 
code module in the execution engine. Procedure ExamineContext receives parameter module 
name, indicating the name of the code module being executed by the execution engine, and 
parameter param_req_ptr. Param_req_ptr is a pointer to a context structure instantiated by a 
previous call to execution interface. The pointer to the context structure(i.e. call stack) is 
evaluated to determine whether a valid pointer is foundfsee col. 18, lines 36-63). 

14. The Applicant states that Bernstein does not disclose verifying trusted logic has 
previously been executed by verifying a proxy user. The Examiner disagrees with the Applicant. 
Bernstein discloses a function call from a client that is intercepted by a proxy. The interface 
pointer from the client is an interface pointer structure that includes a proxy object known as a 
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virtual function table(see col. 4, lines 33-40). Vtable pointer that points from the interface 
pointer structure to the vtable object. Vtable is the proxy object that is a table of pointers to each 
specific member function implementation(see col. 4, lines 40-52). The vtable pointer that points 
from the interface pointer structure to the vtable object(see col. 4, lines 24-53, col. 6, lines 37- 
50). 

Final Necessitated by Amendment 

15. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 
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Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JENISE E. JACKSON whose telephone number is (571)272- 
3791 . The examiner can normally be reached on Increased Flex time, but generally in the office 
M-Fri(8-4:30). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/J. E. J./ 

Examiner, Art Unit 2139 

February 29, 2008 

/Matthew Heneghan/ 

Primary Examiner, Art Unit 2139 



